Unlock instant, AI-driven research and patent intelligence for your innovation.

A network abnormal traffic detection method based on the combination of snmp and netflow

A traffic detection and network anomaly technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve the problems of high false alarm rate and small data capacity of SNMP detection technology, so as to reduce the false alarm rate and reduce computing overhead. , to ensure the correctness of the effect

Active Publication Date: 2017-11-21
HARBIN ENG UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the NetFlow-based traffic detection technology also has some limitations. The data it collects is only statistically accurate, and the false positive rate is high.
[0005] Therefore, these two methods have great defects when used alone. The use of SNMP detection technology can make up for the shortcoming of low accuracy of NetFlow detection technology, and the use of NetFlow detection technology can make up for the shortcoming of small data capacity of SNMP detection technology.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A network abnormal traffic detection method based on the combination of snmp and netflow
  • A network abnormal traffic detection method based on the combination of snmp and netflow
  • A network abnormal traffic detection method based on the combination of snmp and netflow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] The principles and features of the present invention will be described below in conjunction with the accompanying drawings.

[0045] The invention provides a network abnormal traffic detection method based on the combination of NetFlow and SNMP, which is used for network traffic abnormal detection. The method includes two processes: NetFlow data collection and processing process and SNMP abnormal analysis process.

[0046] 1. NetFlow data collection and processing process

[0047] The specific process of NetFlow data collection and processing is as follows:

[0048] 1) The network switching equipment collects NetFlow data and stores them in the NetFlow database;

[0049] 2) The NetFlow database adopts the NetFlow preprocessing method. After data selection, filling of default values, data normalization and data classification, the original data is sorted into standardized data and divided into multiple data tables, which are stored in the preprocessing database;

[0050]...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a network abnormality detection method, in particular to a network abnormal flow detection method based on the combination of SNMP and NetFlow. The present invention includes: (1) NetFlow data acquisition and processing: the NetFlow monitoring program scans the data tables in the preprocessing database in real time, adopts a flow detection method based on NetFlow, detects whether the information in the preprocessing database is abnormal, and reports to the monitoring system if there is any abnormality. The program submits the IP address and protocol number of the abnormal information; (2) SNMP management program analyzes the abnormality. The invention reduces the rate of false alarms; adopts the NetFlow preprocessing method, processes the collected large amount of data through four methods, and finally divides them into multiple statistically significant data tables, which improves the scanning speed for the subsequent detection method and reduces the calculation time. overhead.

Description

technical field [0001] The invention relates to a network abnormality detection method, in particular to a network abnormal flow detection method based on the combination of SNMP and NetFlow. Background technique [0002] With the rapid development of Internet technology, the network has changed from a traditional single network to a complex heterogeneous network. While people feel the convenience brought by the Internet, they also suffer from various intrusion threats from the Internet. Abnormal network traffic detection is an effective method to protect user equipment security. Currently, there are two commonly used network traffic detection methods: SNMP-based traffic detection technology and NetFlow-based traffic detection technology. [0003] SNMP (Simple Network Management Protocol) is the most widely used network management protocol. The network flow information collected based on SNMP includes: the number of input bytes, the number of input non-broadcast packets, t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26
Inventor 王慧强吕宏武周沫郭方方冯光升唐匀龙林俊宇梁晓何占博
Owner HARBIN ENG UNIV